What is Microsoft tunnel ? Microsoft Tunnel is a VPN gateway. This solution is used by microsoft Intune and allow access to on-premise solution at IOS/iPadOS or Android devices. Microsoft Tunnel install a Docker container. He is run on Linux server, he can be a virtual or physical server. After that installed Microsoft tunnel, you can deploy on your device a VPN profile. If you hosted the server on Azure, you need deploy an express route or a VPN between…
Configuring Autopilot and Hybrid AD Join can be useful if you want to be able to apply group policies on the workstation joined to Autopilot.The workstations can be configured using Microsoft Intune or/and through Active Directory group policies. Prerequisites Prerequisites for Autopilot The following URL must be accessed with the system context. You can use Test Device Registration Connectivity script.
When registering a Windows 10 workstation in Intune, the user account is used. It is then referenced as Primary user for the workstation.
Autopilot permit permit to install and preconfigure new Windows 10 devices. You can also use this platform for reset device. With Windows AutoPilot, the lifecycle of the workstation is managed. The installation, application deployment and end-of-life of the workstation can be managed from the cloud services.
What is Security baselines Security Baseline permit to secure and protect users and device present on Intune. It can be deploy to the group of user or Windows 10 device. With this settings, you can enable few parameter (automatically enables BitLocker, automatically disables basic authentication, etc.).
Why deploy Company portal ? Company portal is the Microsoft Intune Application. You can deploy it for install available application. On this application user can delete a lost device or force synchronization. This application is not installing when you install your computer. You must install by the windows store. You can deploy automatically this application with Windows Store for Business and Microsoft Intune.
Requirements for Autoenrollment Since Windows 10 1709, it is possible to automatically enroll the computer on Azure Active Directory (AD). You can use group policy parameter for auto-enrollment.
The registration of an IOS device in Microsoft Intune requires to use a certificate. This certificate must be requested on the apple site. It’s valid for 1 year and must be renewed before it’s expiry. In case of deletion or expiry of the certificate, it’s necessary to re-register all the device. It’s very important to use the same Apple ID. From the Azure portal, it’s possible to view the expiration date.
Prerequisites With this feature, administrators have the ability to lock the use of a device ( authorized applications,…). Thus the user cannot install his applications (social networks, games,…). It’s important to note that registration is done without a user account. The equipment is therefore not associated with any end user.
Deploy Email profile Intune allows to deploy an email profile on registered devices. It is thus possible to automate the configuration of an email profile on one or more devices. It is interesting to note that the built-in mail client is supported for most platforms. Email profile can be deployed on this platforms.